Pr0metheuS

6 exploits Active since Jan 2008
CVE-2008-0297 EXPLOITDB perl WORKING POC
PhotoKorn - Exposure of Sensitive Database Credentials via Direct Request to update3.php
PhotoKorn allows remote attackers to obtain database credentials via a direct request to update/update3.php, which includes the credentials in its output.
CVE-2008-7188 EXPLOITDB perl WORKING POC
ClipShare 2.6 - Unauthenticated Arbitrary User Profile Modification via uid Parameter
ClipShare 2.6 does not properly restrict access to certain functionality, which allows remote attackers to change the profile of arbitrary users via a modified uid variable to siteadmin/useredit.php. NOTE: this can be used to recover the password of the user by using the modified e-mail address in the email parameter to recoverpass.php.
EIP-2026-106285 EXPLOITDB perl WORKING POC
CustomCMS 3.1 - 'vars.php' SQL Injection
CVE-2007-6658 EXPLOITDB python WORKING POC
CustomCMS CCMS 3.1 Demo - SQL Injection
SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page.
CVE-2008-0262 EXPLOITDB perl WORKING POC
Agares PhpAutoVideo 2.21 - SQL Injection via articlecat Parameter
SQL injection vulnerability in includes/articleblock.php in Agares PhpAutoVideo 2.21 allows remote attackers to execute arbitrary SQL commands via the articlecat parameter.
EIP-2026-104800 EXPLOITDB perl WORKING POC
0DayDB 2.3 - 'id' Remote Authentication Bypass